back to article Zero day Word flaw exploited by Trojan

Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks. The flaw - which is restricted to Microsoft Office Word 2002 Service Pack 3 - creates a mechanism for hackers to inject hostile code onto vulnerable systems. Redmond has published workarounds as a stop-gap measure while its …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Yet another nonsensical exploit!

    "...creates a mechanism for hackers to inject hostile code onto vulnerable systems"

    How the hell does anyone write a word processor application in such a way that it is able to "inject" code into the rest of the system??? You shouldn't be able to do this even if the functionality was built into the bloody application!!!

    Oh, DUH! I forgot - It's Microsoft Windows isn't it. Silly me.

  2. Anonymous Coward
    Dead Vulture

    Can you really be so ignorant; and yet bash at the same time?

    Amazes me how many people bash things/people here only to display their true ignorance... wait, more like STUPIDITY.

    Especially when every vendor or open source word processor, which has features you can code or configure into the application has had a vulnerability at one time.

    Perhaps if your brain wasn't this size ----> .

    ...you could figure out a few things. Until then, maintain a 5 foot disitance between yourself and anything with a processor.

  3. Anonymous Coward
    Anonymous Coward

    @Can you really be so ignorant

    I'm not ignorant. I'm actually pretty good, and I wouldn't be at all surprised if I found that you use some of my code on a daily basis - and I bet it doesn't go wrong for you! :-)

    As for "...which has features you can code or configure into the application..."

    ...that completely misses the point, and you are making excuses for a fundamentally broken model. The point I was making (and despite what you infer, this IS mostly a MS-only problem) is that stuff like this should not be possible. The reason is IS possible is because (a) the OS mechanisms that get exploited are not robust enough and (b) bits of application are getting more and more ingrained into the OS in a way that makes exploits like privilege promotion possible. The division between OS and application is blurred to the point where there are numerous back doors and hooks into the OS that should never have existed in the first place.

    Bugs in software is a fact of life and if you have an exploitable bug then you have to expect bad things to happen. But "bad things" should be confined to data in use (or at most, the user's account). "Bad things" should not extend to the point where rogue code can execute random routines that can cause damage to the OS or give root privileges to some remote bot somewhere (I know this is problem is not cited in this case, but it HAS happened many times in the past). These things should not be possible. The fact that they are shows a fundamental failure in the OS model.

  4. Jason Harvey
    Coat

    @AC

    stop arguing with yourself *too funny to see AC as the poster on each post*

    /snags coat and leaves before the ACs split personalities converge.

  5. Alfazed
    Thumb Up

    will probably be withheld until a fix is unavailable

    Then surely they should release what they know now ?

    Maybe they don't now anything ?

    ALF

  6. KenBW2
    Happy

    title

    "Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks."

    Wonder how many times *that* hass been said

  7. amanfromMars Silver badge
    Pirate

    Don't hold your breath waiting ...... some things aint for fixing, only for using

    "Microsoft warns that an unpatched Word vulnerability has become the subject of targeted attacks." .... Methinks that would have been more accurately/truthfully written .... Microsoft warns that an unpatched Word vulnerability has begun targetting attacks ....... but maybe they want to try and withhold that info until a fix is available.

    I do admire such as would be that optimism...... even whenever it may be misguided.

  8. Aodhhan

    Fact of development

    The more features an application has, along with ease of use, and flexibility in dynamic user programming.... the more likely someone will find a way to exploit the application.

    It isn't feasible for most companies to test their software to death before realeasing it. Majority of software put out today has some sort of vulnerability waiting to be found.

    If everything was so easy to fix... Oracle would have been able to fill up all their leaks years ago.

  9. Anonymous Coward
    Anonymous Coward

    Patch Tuesday

    Yes, I am sure the crackers won't wait till Wednesday.

    "I don't care if Saturday's blue

    Sunday's grey and Monday too

    Tuesday shoves the patch at you

    It's Wednesday, I'm being cracked

    dee, dee

    Thursday, wait

    And Exploit Friday always comes too late

    But Wednesday, never hesitate..."

  10. Alan W. Rateliff, II
    Paris Hilton

    Then why post anonymously?

    Grow some balls and post your name, then. Give yourself some credibility.

    Paris, she's growing balls.

This topic is closed for new posts.

Other stories you might like